A Vulnerability in Apple’s Find My Network Has Led to The Possibility of Hacking Users’ Location History

Rajitha Jayawardena
2 min read · Mar 12, 2021

Apple has launched a service called Find My to track their devices, and in 2019 they upgraded this feature to enable tracking even offline devices.

This allows you to track and locate any Apple device, such as the iPhone, iPad, iPod touch, Apple Watch, Mac, or AirPods, even when offline, through other surrounding Apple devices.

The technology that underpins Find My is even more intriguing. The location tracking feature, known as offline finding and introduced in 2019, sends out Bluetooth Low Energy (BLE) signals from Apple devices, allowing other Apple devices in close proximity to transmit their location to Apple’s servers.

To put it another way, offline finding turns every mobile device into a broadcast beacon for a crowdsourced location tracking system that is both end-to-end encrypted and anonymous, to the point where no third party, including Apple, can decode those locations and build a history of every user’s whereabouts.

Image source: Hacker News

However, due to some shortcomings in the technology used to provide this facility, a team of engineers at Open Wireless Link (OWL) has now come to the conclusion that it is possible for another person to steal location data for the past 7 days.

When this feature is activated, the device’s location data is encrypted with a public key and sent to Apple’s servers via other devices; the matching private key is not available to Apple or anyone else, so the data cannot be inspected by them.
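The public-key flow described above, as an added example that is not the page’s or Apple’s code: a finder encrypts a location report under the public key the lost device advertises, using a fresh ephemeral ECDH key, the relaying device and the server store only ciphertext, and only the holder of the private key can decrypt. P-256, AES-GCM and SHA-256 as the key derivation are assumptions; the page does not describe Apple’s actual primitives.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Report struct{ EphPub, Nonce, Ciphertext []byte } // all the relay and the server ever see

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // key generation, the CSPRNG and AES setup cannot fail on valid input
	}
	return v
}

// gcmFor keys AES-256-GCM with SHA-256 of the ECDH secret (SHA-256 stands in for a KDF: an assumption, the page does not describe Apple's).
func gcmFor(shared []byte) cipher.AEAD {
	key := sha256.Sum256(shared)
	return must(cipher.NewGCM(must(aes.NewCipher(key[:]))))
}

// EncryptLocation is the finder side: it knows only the public key the lost device advertises over BLE, so it encrypts under a fresh ephemeral key pair.
func EncryptLocation(lostPub *ecdh.PublicKey, location []byte) Report {
	eph := must(ecdh.P256().GenerateKey(rand.Reader))
	gcm := gcmFor(must(eph.ECDH(lostPub)))
	nonce := make([]byte, gcm.NonceSize())
	must(rand.Read(nonce))
	return Report{eph.PublicKey().Bytes(), nonce, gcm.Seal(nil, nonce, location, nil)}
}

// DecryptReport is the owner side: only the lost device's private key recomputes the shared secret; any other key fails GCM authentication.
func DecryptReport(priv *ecdh.PrivateKey, r Report) ([]byte, error) {
	ephPub, err := ecdh.P256().NewPublicKey(r.EphPub) // untrusted bytes from the server: validate the point
	if err != nil {
		return nil, err
	}
	shared := must(priv.ECDH(ephPub)) // same curve on both sides, cannot fail
	return gcmFor(shared).Open(nil, r.Nonce, r.Ciphertext, nil)
}

func main() {
	owner := must(ecdh.P256().GenerateKey(rand.Reader)) // private key stays with the owner
	loc, err := DecryptReport(owner, EncryptLocation(owner.PublicKey(), []byte("lat=49.87,lon=8.65"))) // constructed sample
	fmt.Println(string(loc), err)
}
```

Whoever holds the private key reads every stored report, which is why leaking it, as the page describes for the macOS bug, exposes the whole location history.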

Image source: Hacker News

However, due to a vulnerability in macOS Catalina (CVE-2020-9986), a hacker was able to access the decryption keys associated with the public key mentioned above, allowing the hacker to read the data.

However, Apple patched this vulnerability in macOS 10.15.7 in November last year, and it is reported that the AirTag feature they introduced later had a number of similar vulnerabilities.

Vulnerabilities in Apple’s proprietary mesh networking protocol, Apple Wireless Direct Link (AWDL), which is used for this AirTag, allow tracking users, crashing Apple devices, altering data passing through the protocol, and performing MITM attacks, as Ian Beer of Google’s Project Zero revealed.